R
Ryan Hanisco
Hello everyone,
I have a web site that uses Certificate Authentication for user identity.
My CA issues certificates to the end users and the web site inspects the
certificate properties to allow users into the site.
The CA is a private CA that uses a self-signed cert at the top level. On
all non-Vista operating systems, everything works well. When Vista requests
the cert, it prompts me that it needs to add the Trusted Root Cert for the
CA.. I do this and make sure that it places the Root Cert in the Trusted
Root Cert area. Then the personal cert installs correctly. I can use the
Cert MMC to see that the root is there and that the client cert is in the
right place.
When I load the web site, I do hit it with SSL and I get the "Choose a
Digital Certificate" dialog box that I expect. Unfortunately, in the
Identification box, there are no certificates listed at all -- so the
authentication fails.
I have seen a number of other complaining about this very issue on other
sites in my search for an answer, but I have yet to see a working response.
I have tried:
- Manually importing the Root Cert
- Adding the site to a security zone with settings on low or making the site
a trusted site
- In IE, turning off the Revocation status for the cert and the CA
- Removing the IE check for signatures on downloads
I am running out of options and am looking for additional direction. Anyone??
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Server 2008, Project+
http://www.techsterity.com
Chicago, IL
Remember: Marking helpful answers helps everyone find the info they need
quickly.
I have a web site that uses Certificate Authentication for user identity.
My CA issues certificates to the end users and the web site inspects the
certificate properties to allow users into the site.
The CA is a private CA that uses a self-signed cert at the top level. On
all non-Vista operating systems, everything works well. When Vista requests
the cert, it prompts me that it needs to add the Trusted Root Cert for the
CA.. I do this and make sure that it places the Root Cert in the Trusted
Root Cert area. Then the personal cert installs correctly. I can use the
Cert MMC to see that the root is there and that the client cert is in the
right place.
When I load the web site, I do hit it with SSL and I get the "Choose a
Digital Certificate" dialog box that I expect. Unfortunately, in the
Identification box, there are no certificates listed at all -- so the
authentication fails.
I have seen a number of other complaining about this very issue on other
sites in my search for an answer, but I have yet to see a working response.
I have tried:
- Manually importing the Root Cert
- Adding the site to a security zone with settings on low or making the site
a trusted site
- In IE, turning off the Revocation status for the cert and the CA
- Removing the IE check for signatures on downloads
I am running out of options and am looking for additional direction. Anyone??
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Server 2008, Project+
http://www.techsterity.com
Chicago, IL
Remember: Marking helpful answers helps everyone find the info they need
quickly.